What Happened in the Tanstack Supply Chain Attack
Developers and OpenAI Mac users are feeling the impact of a recent software supply chain attack involving the Tanstack library, a popular set of npm packages used in web development. An attacker published 84 malicious versions across 42 Tanstack packages, some of which normally receive millions of weekly downloads. The rogue updates were caught and removed within about 20 minutes by security researchers, but that brief window was enough to pose a real risk. The malicious Tanstack versions were designed to download credential‑stealing malware during the npm install process. Any developer who installed an affected version on 2026-05-11 must treat the machine used for that installation as potentially compromised. This incident highlights how a single compromised dependency can quickly cascade through the ecosystem, quietly delivering malware wherever that dependency is trusted and reused.
How the Tanstack Vulnerability Affected OpenAI Mac Security
OpenAI confirmed that two employee devices with access to its corporate environment installed the malicious Tanstack versions. While OpenAI’s investigation has found no evidence that user data, production systems, or intellectual property were accessed or that its software was altered, the malware did perform credential‑focused exfiltration activity on a small set of internal source code repositories. Critically, those repositories contained code‑signing certificates for OpenAI apps, including iOS, macOS, and Windows products. Code‑signing certificates are what operating systems use to verify that an app is legitimate and untampered. If abused, a threat actor could sign fake apps so they appear to be official OpenAI software and bypass normal Mac security prompts. OpenAI says it has seen no signs that any malicious software has been signed with its certificates, but it is rotating and revoking them as a precaution.
Why Mac Users Must Update ChatGPT and Codex Immediately
Because OpenAI’s previous macOS signing certificates may have been exposed, the company is requiring Mac users to move to newly signed versions of its apps. This includes the ChatGPT and Codex macOS applications. Updating ensures your apps are verified with fresh certificates, reducing any chance that a forged, malicious build could be trusted by macOS under the old keys. OpenAI has announced that it will fully revoke its older macOS certificates on June 12, 2026. After that date, new downloads and first‑time launches of apps signed with the previous certificate will be blocked by macOS security protections. To avoid disruption, Mac users should update now via the in‑app updater or by downloading installers only from OpenAI’s official website. No action is required for OpenAI’s Windows or iOS apps, as their updates are being handled separately by the company.
Step‑by‑Step: How to Update and Verify Your OpenAI Mac Apps
To protect yourself from any fallout of the Tanstack vulnerability and the associated supply chain attack, start by updating your OpenAI Mac apps. First, open ChatGPT or Codex on your Mac. In the app menu, look for an option such as “Check for Updates” or “Update” and install any available update. If you prefer a clean install, visit OpenAI’s official download page in your browser, download the latest macOS installer, and follow the on‑screen instructions. Once updated, confirm you are running the newest version by checking the app’s “About” screen and verifying that no further updates are offered. Next, enable automatic updates within the app or through your preferred software management tool so future security patches are applied quickly. Finally, avoid installing any “OpenAI,” “ChatGPT,” or “Codex” apps from links in emails, ads, chat messages, or third‑party download sites.
Best Practices to Guard Against Future Supply Chain Attacks
The Tanstack incident is a reminder that even trusted tools can become attack vectors when threat actors compromise widely used dependencies. To reduce your exposure, always obtain software directly from official vendor sites or trusted app stores, and be skeptical of unexpected installers, especially those promoted through unsolicited emails, messages, or file‑sharing links. For developers, regularly review dependency lists, pin versions when possible, and monitor security advisories for the npm ecosystem. On macOS, keep automatic system and app updates enabled so you receive certificate rotations, malware‑definition updates, and security patches promptly. If you installed any of the malicious Tanstack versions on 2026-05-11, treat that system as potentially compromised: change cloud and developer credentials, review logs for unusual access, and consider a full OS reinstall if warranted. Combining timely updates with cautious download habits and strong credential hygiene will significantly improve your resilience against future supply chain attacks.
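As an added illustration of the dependency-review advice above (example code written for this article, not tooling from the Tanstack project or OpenAI): a small Python audit that flags floating version ranges in package.json, which are what let a briefly published rogue release get pulled in, and lists every @tanstack-scoped package locked in package-lock.json so its version can be checked against the published advisory. The two manifests, their versions and hashes, and the advisory map are constructed placeholders.

```python
import json
import re

# Constructed sample manifests for a fictional project; package versions and
# integrity hashes are placeholders, not values taken from the incident.
PACKAGE_JSON = """{"name": "demo-app", "dependencies": {
  "@tanstack/react-query": "^5.0.0",
  "@tanstack/react-table": "8.20.5",
  "react": "latest"}}"""

PACKAGE_LOCK = """{"name": "demo-app", "lockfileVersion": 3, "packages": {
  "": {"name": "demo-app"},
  "node_modules/@tanstack/react-query": {"version": "5.59.0", "integrity": "sha512-PLACEHOLDER1"},
  "node_modules/@tanstack/react-query/node_modules/@tanstack/query-core":
      {"version": "5.59.0", "integrity": "sha512-PLACEHOLDER2"},
  "node_modules/@tanstack/react-table": {"version": "8.20.5", "integrity": "sha512-PLACEHOLDER3"},
  "node_modules/react": {"version": "18.3.1", "integrity": "sha512-PLACEHOLDER4"}}}"""

# An exact semver string: no ^, ~, *, x, "latest", dist-tags or range operators.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")


def unpinned_dependencies(package_json: str) -> dict:
    """Direct dependencies whose specifier is a range rather than an exact version.
    A range lets `npm install` pull the newest matching version the registry serves
    at install time, so a rogue release published minutes earlier is what gets installed."""
    manifest = json.loads(package_json)
    loose = {}
    for section in ("dependencies", "devDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if not EXACT_VERSION.match(spec):
                loose[name] = spec
    return loose


def installed_in_scope(package_lock: str, scope: str = "@tanstack/") -> list:
    """Every package under `scope` in a lockfileVersion 2/3 lock, transitive ones included."""
    lock = json.loads(package_lock)
    found = []
    for path, meta in lock.get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1]  # text after the last node_modules/
        if name.startswith(scope):
            found.append({"name": name, "path": path, "version": meta.get("version"),
                          "integrity": meta.get("integrity")})
    return found


def match_advisory(installed: list, bad_versions: dict) -> list:
    """Installed entries whose name/version pair appears in an advisory's bad-version map."""
    return [p for p in installed if p["version"] in bad_versions.get(p["name"], ())]
```

Run `installed_in_scope` against a real lock file and pass the advisory's package-to-versions map to `match_advisory`; a nested path in a hit shows which top-level dependency pulled the package in.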
